Changing the default umask setting in exadata

Asset ID:	1-71-1633853.1
Update Date:	2014-04-01
Keywords:

Solution Type Technical Instruction Sure

Solution 1633853.1 : Changing the default umask setting in exadata

Applies to:

Exadata Database Machine X2-2 Hardware - Version All Versions to All Versions [Release All Releases]
Linux x86-64

Goal

To implement Security ,If someone wants to edit the default (022) setting for umask in ‘/etc/profile' to '077' which is the most restrictive setting and will only allow the owner of the file to read, write or execute it.

Solution

On the Cells (storage servers) its never supported to make any changes to the environment including the default umask.

On the Compute (DB Nodes) while not recommended, the default umask setting can be changed with care, as long as the users defined umask setting is as documented. (root, Grid, EM. Oracle, ... manually set to 022)

Oveririding the default umask setting can cause.

1. If the individual user umasks are not set properly the OS, software, utilities will not operate correctly.

2. When clusterware tries to launch oraagent process for the 'oracle' account, the 'oracle' process cannot access one or more of the libraries

So its not recommended to change the default umask setting on storage and compute nodes.

References

<NOTE:1598563.1> - Exadata Kernel Tuning: Compute Node /etc/sysctl.conf parameters: Default settings and which are commonly tuned
<NOTE:1614134.1> - Intermittent Slower Network and Connection Timeouts
<NOTE:1005784.1> - How to resolve inactivity timeouts for logins and shells
<BUG:10393664> - UMASK FOR ROOT SHOULD BE SET 022 BEFORE APPLYING A PSU

Attachments

This solution has no attachment